
Test ID: 1.3.6.1.4.1.25623.1.1.4.2018.1140.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2018:1140-1)
Summary: The remote host is missing an update for the 'ghostscript-library' package(s) announced via the SUSE-SU-2018:1140-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'ghostscript-library' package(s) announced via the SUSE-SU-2018:1140-1 advisory.

Vulnerability Insight:
This update for ghostscript-library fixes several issues.
These security issues were fixed:
- CVE-2017-7207: The mem_get_bits_rectangle function allowed remote
attackers to cause a denial of service (NULL pointer dereference) via a
crafted PostScript document (bsc#1030263).
- CVE-2016-9601: Prevent heap-buffer overflow by checking for an integer
overflow in jbig2_image_new function (bsc#1018128).
- CVE-2017-9612: The Ins_IP function in base/ttinterp.c allowed remote
attackers to cause a denial of service (use-after-free and application
crash) or possibly have unspecified other impact via a crafted document
(bsc#1050891)
- CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c allowed remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) or possibly have unspecified other impact via a
crafted document (bsc#1050889)
- CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c allowed
remote attackers to cause a denial of service (heap-based buffer
over-read and application crash) or possibly have unspecified other
impact via a crafted document (bsc#1050888)
- CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c allowed remote
attackers to cause a denial of service (heap-based buffer over-read and
application crash) or possibly have unspecified other impact via a
crafted document (bsc#1050887)
- CVE-2017-11714: psi/ztoken.c mishandled references to the scanner state
structure, which allowed remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a
crafted PostScript document, related to an out-of-bounds read in the
igc_reloc_struct_ptr function in psi/igc.c (bsc#1051184)
- CVE-2017-9835: The gs_alloc_ref_array function allowed remote attackers
to cause a denial of service (heap-based buffer overflow and application
crash) or possibly have unspecified other impact via a crafted
PostScript document (bsc#1050879)
- CVE-2016-10219: The intersect function in base/gxfill.c allowed remote
attackers to cause a denial of service (divide-by-zero error and
application crash) via a crafted file (bsc#1032138)
- CVE-2017-9216: Prevent NULL pointer dereference in the jbig2_huffman_get
function in jbig2_huffman.c which allowed for DoS (bsc#1040643)

Affected Software/OS:
'ghostscript-library' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-9601
BugTraq ID: 97095
http://www.securityfocus.com/bid/97095
Debian Security Information: DSA-3817
https://www.debian.org/security/2017/dsa-3817
https://security.gentoo.org/glsa/201706-24
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9601
Common Vulnerability Exposure (CVE) ID: CVE-2017-7207
BugTraq ID: 96995
http://www.securityfocus.com/bid/96995
Debian Security Information: DSA-3838
http://www.debian.org/security/2017/dsa-3838
https://security.gentoo.org/glsa/201708-06
RedHat Security Advisories: RHSA-2017:2180
https://access.redhat.com/errata/RHSA-2017:2180
http://www.securitytracker.com/id/1039071
Common Vulnerability Exposure (CVE) ID: CVE-2017-9216
BugTraq ID: 98680
http://www.securityfocus.com/bid/98680
https://bugs.ghostscript.com/show_bug.cgi?id=697934
Common Vulnerability Exposure (CVE) ID: CVE-2017-9612
BugTraq ID: 99979
http://www.securityfocus.com/bid/99979
Debian Security Information: DSA-3986
http://www.debian.org/security/2017/dsa-3986
https://security.gentoo.org/glsa/201811-12
Common Vulnerability Exposure (CVE) ID: CVE-2017-9726
BugTraq ID: 99992
http://www.securityfocus.com/bid/99992
Common Vulnerability Exposure (CVE) ID: CVE-2017-9727
BugTraq ID: 99999
http://www.securityfocus.com/bid/99999
Common Vulnerability Exposure (CVE) ID: CVE-2017-9739
BugTraq ID: 99987
http://www.securityfocus.com/bid/99987
Common Vulnerability Exposure (CVE) ID: CVE-2017-9835
BugTraq ID: 99991
http://www.securityfocus.com/bid/99991
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.